[ca-certificates/f19] * Wed Mar 27 2013 Kai Engert <kaie at redhat.com> - 2012.87-10.0 - Use both label and serial to identif

Kai Engert kengert at fedoraproject.org
Tue Mar 26 23:31:54 UTC 2013 

commit f5bd74372e8f65e363494b8d4f5db81fa8ffb14d
Author: Kai Engert <kaie at redhat.com>
Date:   Wed Mar 27 00:31:44 2013 +0100

    * Wed Mar 27 2013 Kai Engert <kaie at redhat.com> - 2012.87-10.0
    - Use both label and serial to identify cert during conversion, rhbz#927601

 ca-certificates.spec |    5 ++++-
 certdata2pem.py      |   22 +++++++++++++---------
 2 files changed, 17 insertions(+), 10 deletions(-)
---
diff --git a/ca-certificates.spec b/ca-certificates.spec
index 91b7324..df39b74 100644
--- a/ca-certificates.spec
+++ b/ca-certificates.spec
@@ -27,7 +27,7 @@ Name: ca-certificates
 # because all future versions will start with 2013 or larger.)
 
 Version: 2012.87
-Release: 9%{?dist}.1
+Release: 10.0%{?dist}
 License: Public Domain
 
 Group: System Environment/Base
@@ -271,6 +271,9 @@ fi
 
 
 %changelog
+* Wed Mar 27 2013 Kai Engert <kaie at redhat.com> - 2012.87-10.0
+- Use both label and serial to identify cert during conversion, rhbz#927601 
+
 * Tue Mar 19 2013 Kai Engert <kaie at redhat.com> - 2012.87-9.fc19.1
 - adjust to changed and new functionality provided by p11-kit 0.17.3
 - updated READMEs to describe the new directory-specific treatment of files
diff --git a/certdata2pem.py b/certdata2pem.py
index b52e031..aa1ac97 100644
--- a/certdata2pem.py
+++ b/certdata2pem.py
@@ -29,6 +29,9 @@ import urllib
 
 objects = []
 
+def printable_serial(obj):
+  return ".".join(map(lambda x:str(ord(x)), obj['CKA_SERIAL_NUMBER']))
+
 # Dirty file parser.
 in_data, in_multiline, in_obj = False, False, False
 field, type, value, obj = None, None, None, dict()
@@ -85,18 +88,18 @@ trustmap = dict()
 for obj in objects:
     if obj['CKA_CLASS'] != 'CKO_NSS_TRUST':
         continue
-    label = obj['CKA_LABEL']
-    trustmap[label] = obj
-    print " added trust", label
+    key = obj['CKA_LABEL'] + printable_serial(obj)
+    trustmap[key] = obj
+    print " added trust", key
 
 # Build up cert database.
 certmap = dict()
 for obj in objects:
     if obj['CKA_CLASS'] != 'CKO_CERTIFICATE':
         continue
-    label = obj['CKA_LABEL']
-    certmap[label] = obj
-    print " added cert", label
+    key = obj['CKA_LABEL'] + printable_serial(obj)
+    certmap[key] = obj
+    print " added cert", key
 
 def obj_to_filename(obj):
     label = obj['CKA_LABEL'][1:-1]
@@ -106,7 +109,7 @@ def obj_to_filename(obj):
         .replace(')', '=')\
         .replace(',', '_')
     label = re.sub(r'\\x[0-9a-fA-F]{2}', lambda m:chr(int(m.group(0)[2:], 16)), label)
-    serial = ".".join(map(lambda x:str(ord(x)), obj['CKA_SERIAL_NUMBER']))
+    serial = printable_serial(obj)
     return label + ":" + serial
 
 trust_types = {
@@ -137,7 +140,8 @@ openssl_trust = {
 
 for tobj in objects:
     if tobj['CKA_CLASS'] == 'CKO_NSS_TRUST':
-        print "producing trust for " + tobj['CKA_LABEL']
+        key = tobj['CKA_LABEL'] + printable_serial(tobj)
+        print "producing trust for " + key
         trustbits = []
         distrustbits = []
         openssl_trustflags = []
@@ -154,7 +158,7 @@ for tobj in objects:
 
         fname = obj_to_filename(tobj)
         try:
-            obj = certmap[tobj['CKA_LABEL']]
+            obj = certmap[key]
         except:
             obj = None

More information about the scm-commits mailing list